PIN-change mode

Depending on the token type, IBM® MFA uses the password field to contain the PIN and the token code.

PIN-change mode is similar to a password change in that after you complete the normal logon, you receive a "password expired" notification.

For example, assume that you want to use 9999 as the new hard token pin, or 229999 if using a soft token.

With passphrase support (more than 8 characters allowed for the password):

For a hard token, you will be prompted to enter a new password. Enter 9999 in new password field.
For a soft token, you will be prompted to enter a new password. Enter 229999 in new password field.

Without passphrase support (maximum of 8 characters allowed for the password):

For a hard token, you enter
- 123456 in the password field (unless the underlying software does this for you).
- 9999 in the new password field.
- 9999 in the verify new password field.
For a soft token, you enter:
- 223344 in the password field.
- 229999 in new password field.
- 229999 in the verify new password field.

Note:

After the PIN change is done, you then need to re-validate with the new codes using the normal logon steps.